With a Site-to-Site VPN, how can I set the neighbor remote-as BGP to something other than 65000?

0

Hi. We are in the process of setting up a Site-to-Site VPN between a TGW and a Customer Gateway. Having downloaded the configuration file, we have been advised by our networking partner that we need to amend the advertised remote-as BGP value.

Creating a new CGW only gives the option to change the 'router bgp' value. How can we change the remote-as value to 12345 (for example)?

We are currently stuck with the IPSEC VPN up, but the overall status as DOWN.

#4: Border Gateway Protocol (BGP) Configuration

router bgp 65001
  bgp log-neighbor-changes
  bgp graceful-restart
    address-family ipv4 unicast
    neighbor 169.254.x.x remote-as 65000

Many Thanks.

mowen13
asked 2 years ago, 748 views
1 Answer
0
Accepted Answer

AWS Console

Yes, you can change the remote-as by modifying the customer gateway of your Site-to-Site VPN connection using the Amazon VPC console. The summarized steps are listed below; please reference this document (1) for more details.


  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  2. In the navigation pane, choose Customer Gateways.
  3. Create a NEW Customer Gateway with desired NEW AS number.
  4. In the navigation pane, choose Site-to-Site VPN Connections.
  5. Select the Site-to-Site VPN connection and then choose Actions, Modify VPN Connection.
  6. For Target Type, choose Customer Gateway.
  7. For Target Customer Gateway ID, choose the ID for the customer gateway created in step 3 with the NEW AS number that you want to use for the connection.

Please keep in mind, after you change the customer gateway, your Site-to-Site VPN connection will be temporarily unavailable for a brief period while we provision the new endpoints.

Modify the remote-as which is found in the downloaded configuration file

Modifying the remote-as which is found in the downloaded configuration file is not possible. To summarize, modifying ASN information for an existing Transit Gateway is not possible.

We need to create a new Transit Gateway with desired ASN, and attach the desired VPC to the newly created TGW.

Additionally, the VPN connection target type needs to be updated to the newly created TGW.

Once the VPN connection target type is updated, it will be automatically associated with the NEW TGW route table.

On-prem routes learned via VPN BGP session will be propagated to the NEW TGW route table.

Lastly, we need to update the entry in the VPC subnet route table that contains the transit gateway ID to the new transit gateway ID. You can reference this document(1) for more details.

(1) Modifying a Site-to-Site VPN connection's target gateway https://docs.aws.amazon.com/vpn/latest/s2svpn/modify-vpn-target.htm
(2) Quotas for your transit gateways https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-quotas.html

AWS
Support Engineer
answered 2 years ago
  • Thank you. Yes, the creation of a new Transit Gateway whilst setting the ASN appears to solve this issue.

    Though I suspect not, but is there any way to accommodate an ASN / BGP value outside of the ranges given in the console - i.e: 23456 - rather than entering a value in either the 64512-65534 or 4200000000-4294967294 range?

    Many Thanks.
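
An added example, not part of the original thread and not AWS tooling: it parses a configuration like the one in the question and reports which AWS resource has to be recreated for each ASN, following the accepted answer (`router bgp` comes from the customer gateway, `remote-as` from the transit gateway). The sample config, the neighbor address, the function names and the use of the commenter's two quoted ranges as the accepted Amazon-side values are assumptions made for illustration.

```python
import re

# Ranges the commenter quotes from the console for the Amazon-side (TGW) ASN.
CONSOLE_ASN_RANGES = [(64512, 65534), (4200000000, 4294967294)]

# Constructed sample, modelled on the snippet in the question.
SAMPLE_CONFIG = """\
router bgp 65001
  bgp log-neighbor-changes
  bgp graceful-restart
    address-family ipv4 unicast
    neighbor 169.254.10.1 remote-as 65000
"""

def parse_bgp(config):
    """Return (local_as, {neighbor_ip: remote_as}) from a Cisco-style config."""
    local = re.search(r"^\s*router bgp (\d+)\s*$", config, re.M)
    if not local:
        raise ValueError("no 'router bgp' statement found")
    neighbors = {
        ip: int(asn)
        for ip, asn in re.findall(
            r"^\s*neighbor (\S+) remote-as (\d+)\s*$", config, re.M)
    }
    return int(local.group(1)), neighbors

def in_console_range(asn):
    """True if the ASN falls in one of the ranges quoted in the comment."""
    return any(lo <= asn <= hi for lo, hi in CONSOLE_ASN_RANGES)

def plan(config, want_local_as, want_remote_as):
    """List which AWS resource must be recreated to reach the wanted ASNs."""
    local_as, neighbors = parse_bgp(config)
    steps = []
    if local_as != want_local_as:
        # 'router bgp' is set by the customer gateway's ASN.
        steps.append("new customer gateway with ASN %d" % want_local_as)
    if any(asn != want_remote_as for asn in neighbors.values()):
        # 'remote-as' is the Amazon side; per the answer it needs a new TGW.
        if not in_console_range(want_remote_as):
            steps.append("ASN %d is outside the console ranges" % want_remote_as)
        else:
            steps.append("new transit gateway with ASN %d" % want_remote_as)
    return steps

if __name__ == "__main__":
    for step in plan(SAMPLE_CONFIG, 65001, 64512):
        print(step)
```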
